Interface - Overview - DNS Server location?

[Chrome]

I am trying to figure out why my WAN interface has OPENDNS servers listed. I highly doubt my ISP has assigned them...and I can't seen to find the setting in the OPNSense interface. I did use OPENDNS at one point...but not for years. Maybe there's a file in shell that hasn't been updated correctly, or that I manually overwrote years ago? Any ideas?

Yes, I've checked SYSTEM - SETTINGS - GENERAL, the OPENDNS servers are NOT listed there. I don't have Services - OpenDNS enabled.

[axsdenied]

I'm fairly certain the only way your WAN side would get DNS servers if assigned by your ISP.  Even if you specified your WAN IP without DHCP you'd still get those.

At the same time it's irrelevant.  By default you control what DNS servers you want your internal network devices to use.  If you don't want to use the ones assigned by the ISP, specify your own or point them to unbound which is enabled by default on OPNsense.

[Chrome]

You're right, it really doesn't matter. To my curiosity, I guess it does. I'd like to figure out why the OPENDNS servers are showing up there?

I plugged my computer into the modem, and pulled an IP and the ISP's DNS..so, their DHCP is definitely NOT issuing OPENDNS servers.

I did download the XML config file...and searched for the OPENDNS IPs ... and it returned nothing.

Where could OPNSENSE be pulling that info from?

[axsdenied]

Only place would be from ISP given your DHCP config.  I assume if you "release" and "reload", from that same screen you shared the screenshot from, those entries come back the same?

[Chrome]

Yes, they come back the same.  ;D

[axsdenied]

In SYSTEM - SETTINGS - GENERAL:

Which options are checked or not checked within the "DNS server options" section?

p.s. i'm grasping at straws at this point  :P

[Chrome]

Yes, checked there...no mention of the OPENDNS servers....

also, checked, /etc/resolv.conf for good measure and it matches "SYSTEM - SETTINGS - GENERAL"

As for the options under, DNS server options;

"Allow DNS server list to be overridden by DHCP/PPP on WAN" and
"Do not use the local DNS service as a nameserver for this system"

are both UNchecked.

[franco]

Since 22.1 we are reworking the DNS handling for dynamic IP configurations. These servers likely show up when you run:

# ifctl -i em0

If yes, these are supplied by the ISP via DHCP/PPPoE but since you don't use them as per your settings that's ok. If no I'm not even sure what magic system we talk about here :)


Cheers,
Franco

[franco]

PS: ::1 doesn't make a lot of sense either as a specific DNS server for WAN, but maybe that's just me.

[Chrome]

@axsdenied and @franco Thank you both for you help.

Output of:

ifctl -i em0
208.67.222.222
208.67.220.220

and

cat /var/db/dhclient.leases.em0

Also mentions:
208.67.222.222
208.67.220.220

I guess my ISP is issuing OPENDNS servers to my router...doesn't make sense, and didn't happen on my laptop I plugged into my modem...

[franco]

Might be bound to the request IP or the MAC of the OPNsense from a historic point of view. But in any case since you don't have "Allow DNS server list to be overridden by DHCP/PPP on WAN" the servers are not used.

To be more clear about the code change in 22.1 is that we want to keep the ISP-based information in case the user decides to investigate or wants to switch on "Allow DNS server list to be overridden by DHCP/PPP on WAN" at runtime which would forget the DNS servers issued on older versions since they were not being stored.


Cheers,
Franco

[Chrome]

Thank you for the explanation on the code changes!